Lightweight Directory Access Protocol (LDAP) Assertion Control
RFC 4528

 
Document Type RFC - Proposed Standard (June 2006; No errata)
Was draft-zeilenga-ldap-assert (individual in app area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4528 (Proposed Standard)
Telechat date
Responsible AD Ted Hardie
Send notices to kurt@openLDAP.org
Network Working Group                                        K. Zeilenga
Request for Comments: 4528                           OpenLDAP Foundation
Category: Standards Track                                      June 2006

              Lightweight Directory Access Protocol (LDAP)
                           Assertion Control

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document defines the Lightweight Directory Access Protocol
   (LDAP) Assertion Control, which allows a client to specify that a
   directory operation should only be processed if an assertion applied
   to the target entry of the operation is true.  It can be used to
   construct "test and set", "test and clear", and other conditional
   operations.

Table of Contents

   1. Overview ........................................................2
   2. Terminology .....................................................2
   3. The Assertion Control ...........................................2
   4. Security Considerations .........................................3
   5. IANA Considerations .............................................4
      5.1. Object Identifier ..........................................4
      5.2. LDAP Protocol Mechanism ....................................4
      5.3. LDAP Result Code ...........................................4
   6. Acknowledgements ................................................5
   7. References ......................................................5
      7.1. Normative References .......................................5
      7.2. Informative References .....................................5

Zeilenga                    Standards Track                     [Page 1]
RFC 4528                 LDAP Assertion Control                June 2006

1.  Overview

   This document defines the Lightweight Directory Access Protocol
   (LDAP) [RFC4510] assertion control.  The assertion control allows the
   client to specify a condition that must be true for the operation to
   be processed normally.  Otherwise, the operation is not performed.
   For instance, the control can be used with the Modify operation
   [RFC4511] to perform atomic "test and set" and "test and clear"
   operations.

   The control may be attached to any update operation to support
   conditional addition, deletion, modification, and renaming of the
   target object.  The asserted condition is evaluated as an integral
   part the operation.

   The control may also be used with the search operation.  Here, the
   assertion is applied to the base object of the search before
   searching for objects that match the search scope and filter.

   The control may also be used with the compare operation.  Here, it
   extends the compare operation to allow a more complex assertion.

2. Terminology

   Protocol elements are described using ASN.1 [X.680] with implicit
   tags.  The term "BER-encoded" means the element is to be encoded
   using the Basic Encoding Rules [X.690] under the restrictions
   detailed in Section 5.1 of [RFC4511].

   DSA stands for Directory System Agent (or server).
   DSE stands for DSA-specific Entry.

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in BCP 14
   [RFC2119].

3.  The Assertion Control

   The assertion control is an LDAP Control [RFC4511] whose controlType
   is 1.3.6.1.1.12 and whose controlValue is a BER-encoded Filter
   [Protocol, Section 4.5.1].  The criticality may be TRUE or FALSE.
   There is no corresponding response control.

   The control is appropriate for both LDAP interrogation and update
   operations [RFC4511], including Add, Compare, Delete, Modify,
   ModifyDN (rename), and Search.  It is inappropriate for Abandon,
   Bind, Unbind, and StartTLS operations.

Zeilenga                    Standards Track                     [Page 2]
RFC 4528                 LDAP Assertion Control                June 2006

   When the control is attached to an LDAP request, the processing of
   the request is conditional on the evaluation of the Filter as applied
Show full document text